Re: Getting Controller and Action from HttpContext

From an HttpContext object? You can't; you require at minimum a RequestContext
object. If you have a RequestContext object, you can call RouteData.GetRequiredString("controller") / GetRequiredString("action").

Re: Getting Controller and Action from HttpContext

The code sample on your blog looks fine. The AuthorizeCore() is the appropriate place to perform these custom checks. (I've not actually tested your code, but the general pattern seems good.)

What exactly are you looking for feedback on? You need access to more information than is available in the AuthorizeCore() method?

Note that the reason the AuthorizeCore() method gives you so little to work with is that it hooks authorization in both the MVC pipeline and in the output caching pipeline. (If a page is cached, the AuthorizeCore() method still runs before the page
is served from the cache, even though the rest of the MVC pipeline is inactive.)

If you need to inspect the action method itself or otherwise get information inaccessible from the AuthorizeCore() method, you can do that from within the OnAuthorization() method. If you go this route, be sure that the request isn't cached, else the OnAuthorization()
method won't be called when the page is fetched from the cache. But if you were doing something as complicated as this, you probably weren't output caching these particular actions anyway. :)

Re: Getting Controller and Action from HttpContext

levib

The code sample on your blog looks fine. The AuthorizeCore() is the appropriate place to perform these custom checks. (I've not actually tested your code, but the general pattern seems good.)

What exactly are you looking for feedback on? You need access to more information than is available in the AuthorizeCore() method?

Note that the reason the AuthorizeCore() method gives you so little to work with is that it hooks authorization in both the MVC pipeline and in the output caching pipeline. (If a page is cached, the AuthorizeCore() method still runs before the page
is served from the cache, even though the rest of the MVC pipeline is inactive.)

Not my code, but something someone else suggested. Somewhere in there (AFAIK the AuthorizeCore seems to be the correct place) I want to get hold of the calling controller and action. I can then cross-ref that with the user roles and see if that is in a
DB table entry which contains the controller/action/access privs. This way I can moe the authorisation out of being hard-coded in the app and into a DB table where it can then be administered by the apps admin functions. My current problem is that I'm struggling
to get those controller and action names. And no, I wouldn't want any caching on these pages, the whole app is very dynamic =8)

I'll have a look at what I've got here over the next few days, thx for the feedback, any more is always welcome (WRT my comments here).

Cheers - MH

Please remember to mark replies as answers if you find them useful =8)

Re: Getting Controller and Action from HttpContext

levib

The code sample on your blog looks fine. The AuthorizeCore() is the appropriate place to perform these custom checks. (I've not actually tested your code, but the general pattern seems good.)

What exactly are you looking for feedback on? You need access to more information than is available in the AuthorizeCore() method?

Note that the reason the AuthorizeCore() method gives you so little to work with is that it hooks authorization in both the MVC pipeline and in the output caching pipeline. (If a page is cached, the AuthorizeCore() method still runs before the page
is served from the cache, even though the rest of the MVC pipeline is inactive.)

If you need to inspect the action method itself or otherwise get information inaccessible from the AuthorizeCore() method, you can do that from within the OnAuthorization() method. If you go this route, be sure that the request isn't cached, else the OnAuthorization()
method won't be called when the page is fetched from the cache. But if you were doing something as complicated as this, you probably weren't output caching these particular actions anyway. :)

I will replace the // blah blah blah section with a call to a DB function, passing in the user's role list, the controller and action name and getting back a boolean.

Would the controller and action name ever not exist/get passed in? I couldn't see any reason why not, but I was wondering - even if it were a default action, from the URL's point of view, this would still generate an action name in the RouteData, wouldn't
it?

Also, output caching is something that's explicitly stated, isn't it? As you suggested, and as far as I am aware, I am not explicitly using it (nor would I want to as each page in this app is always dynamic) but are there any gotchas that I can check for
that might enable it somehow?

Cheers for your help, much apprec, sorry it's taken quite a few days to get to this, but I've been working like crazy all this year

MH

Please remember to mark replies as answers if you find them useful =8)

Re: Getting Controller and Action from HttpContext

Mad-Halfling

Would the controller and action name ever not exist/get passed in? I couldn't see any reason why not, but I was wondering - even if it were a default action, from the URL's point of view, this would still generate an action name in the RouteData, wouldn't
it?

You can get the controller and action name from filterContext (filterContext.ActionDescriptor.ActionName and filterContext.ActionDescriptor.ControllerDescriptor.ControllerName). This should be easier than going through RouteData. And you're guaranteed
that they're set. So that else block after the DB call isn't necessary.

Mad-Halfling

Also, output caching is something that's explicitly stated, isn't it? As you suggested, and as far as I am aware, I am not explicitly using it (nor would I want to as each page in this app is always dynamic) but are there any gotchas that I can check for that
might enable it somehow?

Using [OutputCache] or calling the output caching methods are the only ways to enable it. The first few lines where output caching is disabled is just a precaution in case an [OutputCache] inadvertently gets set on this controller.

Re: Getting Controller and Action from HttpContext

Thanks for the feedback - I don't have ActionDescription as an available property/method on the filterContext object - all I have are Controller, Equals, GetHashCode, GetType, HttpContext, RequestContext, Result, RouteData, ToString - what am I missing?

Had figured that about the output cache, but wanted to check it couldn't sneak in anywhere - thanks for clarifying that.

Please remember to mark replies as answers if you find them useful =8)

Re: Getting Controller and Action from HttpContext

mad-halfling

I don't have ActionDescription as an available property/method on the filterContext object

It's available in MVC 2 (as of Beta or RC1, I think?). If you're using MVC 1, use RouteData.GetRequiredString() instead. This is the same as RouteData.Values[], but it performs the null-or-empty check for you.

Re: Getting Controller and Action from HttpContext

Ah, I was wondering about that after I logged off last night - yes I'm still on 1 (complicated app + deadline = not-upgrading-yet). No matter, it works OK and I've put a comment in the program that it can be changed when the framework is upgraded. Thanks
for all your help, you are a gent and a scholar.

Please remember to mark replies as answers if you find them useful =8)